Fake Google+ invites contain malware and link to sites with the purpose of farming e-mail addresses of potential targets, according to Kaspersky Lab.
The company has offered some advice on how to secure your Google+ account, which includes:
- Profile management section. Within this section, Google+ offers privacy level settings that allow users to customise the privacy of every aspect of their Google Plus account.
- Circle Management. This lets users limit the information they display to certain groups of people. Circles are the main privacy control centre, according to Kaspersky.
- Instant upload. This feature is active by default if you use Google Plus on an Android smartphone. It will instantly upload photos and video you’ve taken to a Picasa profile for future use. To save on data costs and maintain privacy, this setting can be disabled.
Full press release below:
Google Plus + fake invites = dangerous malware and infection, says Kaspersky Lab
Kaspersky Lab warns Internet users of targeted attacks on newly launched Google Plus social networking site.
Having only launched at the end of June, Google Plus is growing fast, having already reached more than 10 million* users in its first week of operation. However, as with any social network, oversharing has become the default option and, as such, is a constant concern. Considering Google Plus is new to this arena, it is interesting to note that it has already attracted the attention of cybercriminals. In fact, Kaspersky Lab have identified that cybercriminals are already targeting individuals through friend invites to this network, sent via e-mail.
Says Fabio Assolini, Malware Researcher, Global Research and Analysis Team at Kaspersky Lab: “Google Plus is another addition to the social networking world, and while certainly an exciting avenue to explore in this regard, considering the world of Internet cybercrime, Kaspersky Lab have identified that Brazilian cybercriminals have already started sending fake invites with malicious links pointing to malware, specifically Trojan bankers. We recently found one targeting Portuguese speakers and, as such, feel that it is crucial to warn users of the potential security threats targeting this social networking site as it is only set to grow.”
The fake invite contains an infected link that, when accessed, redirects the user to a very common Brazilian Trojan banker file – a .cmd file hosted at Dropbox. The most interesting thing to note in this message, however, is another link pointing to a form hosted at Google Docs. The message shows the link as “send the invitation to your friends”, but it is actually a fake form created to collect names and e-mail addresses of new victims. Kaspersky Lab has reported this malicious file and the fake Web form to Google for their interest.
Social networks are seen as one of the greatest security threats among businesses, along with various other forms of file sharing. The introduction of new social networking sites creates a haven for cybercriminals to carry out virus and threat activity for their own gain, especially as such sites are without a doubt popular among users. In fact, looking at the statistics, it is evident why these sites attract cybercriminals – lots of users. According to Strategy Worx CC**, worldwide Facebook has 750 million users, of which over four million (approximately 4 095 280) originate from South Africa. The same report also indicates that Twitter has an estimated 277 million worldwide users, of which approximately 900 000 are in SA. Google Plus is fast gaining the attention of users, and the natural progression to cybercriminals is evident.
As such, Kaspersky Lab offers the following tips for securing a Google Plus account:
- Profile Management – The profile editing section is the brains of Google Plus’s privacy, providing a versatile interface that allows you to customise how you share each and every nugget of your information. Be sure to use it and make your privacy levels a high priority.
- One circle to rule them all – If you’re going to use Google Plus, you need to learn to master the fine art of Circle Management. Circles are the main privacy control centre of Google Plus. They allow you to create groups of friends and associates using a powerful (and cool) user interface that makes it easy to group friends, family and co-workers, and then limit who can see what.
- Instant upload – If you access Google Plus using your Android phone, photos and videos you take are automatically uploaded to Google’s cloud via a new tool called Instant Upload. Don’t worry – photos aren’t shared by default, but are stored in a private Picasa Web folder for future sharing. Instant Upload is a fine idea – for a minority of users – but it’s enabled by default and may catch a lot of new Google Plus users unaware. To disable Instant Upload, click into the app, go to Menu / Settings, and at the top of the screen uncheck “Instant Upload” for increased protection.
Concludes Assolini: “If you are interested in joining Google Plus, our advice would be to ensure you explore this medium on a secure computer, whilst being cautious at all times of pop up blocks and links that insist you re-direct. Furthermore, Kaspersky Lab urge users to not believe in supposed invites received via e-mails. Ensuring a safe social networking experience requires you to be aware that such threats exist, thereby being able to take the necessary action required and socialising in a secure environment.”